6.8
CVE-2014-2510
- EPSS 0.5%
- Published 08.07.2014 11:06:01
- Last modified 12.04.2025 10:46:40
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Data is provided by the National Vulnerability Database (NVD)
Emc ≫ Centerstage Version1.2 Updatesp1
Emc ≫ Centerstage Version1.2 Updatesp2
Emc ≫ Documentum Foundation Services Version6.6
Emc ≫ Documentum Foundation Services Version6.7
Emc ≫ Documentum Foundation Services Version6.7 Updatesp1
Emc ≫ Documentum Foundation Services Version6.7 Updatesp2
Emc ≫ My Documentum For Desktop Version6.7.2
Emc ≫ My Documentum For Microsoft Outlook Version6.7 Updatesp
Emc ≫ My Documentum For Microsoft Outlook Version6.7 Updatesp2
Emc ≫ My Documentum For Microsoft Outlook Version6.7.1
Emc ≫ My Documentum For Microsoft Outlook Version6.7.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.632 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8 | 6.9 |
AV:N/AC:L/Au:S/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.